upgrade 2024: python based colorize.py means: customize colors + keywords + SCROLLABLE output! 😀
1. make sure to modify terminal and set a green-on-black color profile:
2. download + run:
su - root wget https://dwaves.de/software/python/colorize.py.txt mkdir /scripts mv colorize.py.txt /scripts/colorize.py find -L /var/log/* -type f \( -name "*" \) ! -path '*.gz*' -exec tail -n0 -f {} + | /usr/bin/python3.11 ./colorize.py
# or to view a single log file but only the last 1000 lines with keyword highlighting:
tail -300 /path/to/error.log | /usr/bin/python3 /scripts/colorize.py | less -R
# or to view last 300 lines of all files.log in any directory
find -L /var/log/* -type f -iname "*.log" -exec tail -n 300 {} + | python3 /scripts/colorize.py | less -R
for debugging problems with your system it might be interesting to know what is happening in real time in your log files
(unfortunately there are also binary and packed old logs.gz files in /var/log)
this command will follow all file changes under /var/log and output the changes to one’s screen
show newly added lines/ changes to all log files as they are generated
which is very very nice to look at a system in real time
one might want to hit Ctrl+L to clear the screen from time to time…
download as script here: mon_logs_all.sh.txt
manpage: multitail.man.txt
# without color but: you can scroll it :) find /var/log/* -type f \( -name "*" \) ! -path '*.gz*' -exec tail -n0 -f "$file" {} + # with color but no scroll :( (ccze is only available in CentOS7 and Debian 9 and 10) # ccze is not longer maintained but still available for Debian/Ubuntu/DEB based systems find /var/log/* -type f \( -name "*" \) ! -path '*.gz*' -exec tail -n0 -f "$file" {} + | ccze
# the very basic version that also works on QNAP busybox based NAS tail -f /var/log/* # kind of the same same find *.log follow changes and colorize behavior multitail --follow-all --mergeall -cs -I /var/log/* # press f to see all files that are being changes-followed # multitail help: --*- multitail 6.5.0 (C) 2003-2019 by folkert ÄT vanheusden PUNKT com -*-- multitail [-cs|-Cs|-c-] [-i] inputfile [-i anotherinputfile] [...] *** selecting files to follow *** -i x the following parameter is a filename (in case it starts with a dash) -I x like -i only this one merges this logfile into the previous window -q x z check every x seconds for new files by search criteria z, create a new window for those -qs x y z check every x seconds for new files by search criteria z, create a new window for those, use color scheme y -Q x z check every x seconds for new files by search criteria z, put them all in the same window (using subwindows) -Qs x y z check every x seconds for new files by search criteria z, put them all in the same window (using subwindows), use color scheme y -iw file i check every 'i' seconds if 'file' appeared in the filesystem --new-only (for -q/-Q) only create windows for files created after multitail was started, existing files are ignored -f follow the following filename, not the descriptor (e.g. when logrotate archives logfiles) --follow-all see -f: for all files after this switch --retry keep trying to open the following file until it is accessible --retry-all like --retry but for all following files *** selecting command output to follow *** -l x parameter is a command to be executed -L x see -l but merge the output to a previously created window -r interval restart the command when it terminated after `interval' seconds -R interval like -r, but only show the differences -Rc/-rc interval like -r/-R but clean the window before each iteration -j read from STDIN (can be used only once) -J like -j but merge into previous window --listen [interface]:port behave like a syslog server. port is normally 514 --Listen [interface]:port like --listen but merge into previous window *** merge parameters *** --mergeall merge all of the following files into the same window (in the previous window) --mergeall-new merge all of the following files into the same window (in a new window) --no-mergeall stop merging all files into one window --no-repeat suppress repeating lines and replace them with a "last message repeated x times" *** markers *** --mark-interval x when nothing comes in, print a '---mark---' line every 'x' seconds --mark-change when multiple files are merged an multitail switches between two windows, print a markerline with the filename --no-mark-change do NOT print the markerline when the file changes (overrides the configuration file) *** initial tail / scrollback parameters *** -n x initial number of lines to tail -m x set scrollback buffer size (# lines) -mb x set scrollback buffer size (in bytes, use xKB/MB/GB) -bw a/f what to buffer: 'a'll or what went through the 'f'ilter *** "tee" functionality *** -a x like 'tee': write (filtered) input to file 'x' -A x see -a: but write the unfiltered(!) input to file 'x' -g x redirect the input also (filtered) to command/process 'x' -G x redirect the unfiltered input also to command/process 'x' *** screen layout *** -s x vertical split screen (in 'x' columns) -sw x,x,... at what columns to split the screen, use '0' for automatic size -sn x,x,... number of windows per column -wh x height of window *** filtering *** -fr scheme use the predefined filter from the configuration file -e[m] print only when matching with this regexp -ev print only when NOT matching with this regexp -ec use regular expression but display the matches inverted on following file -eC use regexp, display everything but matches inverted on following file -ex execute command ('-ex regexp command') when matches, matching line is given as commandline parameter -eX like -ex but only give the matching substring as commandline parameter to the command -E use regular expression on following files -Ec use regular expression but display the matches inverted on following files -EC use regexp, display everything but matches inverted on following files -ke x strip parts of the input using regular expression 'x' -kr x y strip parts of the input starting at offset x and ending (not including!) offset y -kc x y strip parts of the input: strip column 'y' with delimiter 'x' -ks x use edit scheme 'x' (defined in configuration file) -kS x only show the substrings matched by the substring-selects (the parts between '(' and ')') in the regular epxression 'x' -v invert next regular expression (do not use with -ev/em) *** colors *** -cv x use conversion scheme 'x' (see multitail.conf) -c colorize current -cS scheme use color scheme 'scheme' (as defined in multitail.conf) -csn extra switch for the following switches; do not use reverse (inverted) colors -Cs colorize all following files with syslog-scheme -C colorize all following files -Cf/-cf field delimiter colorize next/all file(s) depending on the given field number. fields are delimited with the given field-delimiter -ci color use 'color' (red, green, etc), usefull when merging multiple inputs -c- do NOT colorize the following file -C- do NOT colorize the following files -cT term interpret terminal-codes from file/command (for terminal type 'term') -Z color set color for markerline -w do not use colors *** timestamps *** -ts add a timestamp (format configurable in multitail.conf) before each line -T put a timestamp in markerlines *** status line parameters *** -d do NOT update the status-line -D do not display a status-line at all -du put the statusline above the data window *** status line parameters *** -z do not show "window closed" pop-ups -x str show "str" in the xterm title bar -t x display 'x' in the window-title (when MultiTail runs in an xterm) -u set update interval (for slow links) *** input text handling *** -p x [y] set linewrap (l=left/a=all/r=right/s=syslog,S=syslog w/o procname,o=offset -> 'y',w=wordwrap) -P like -p but for all following files -b n set TAB-width --cont reconnect lines with a '' at the end *** line prefixes *** --basename only display the filename (and not the path) in the statusline --label x put in front of each line -S prepend show subwindow number in merged output *** configuration file *** -F file use 'file' as configuration file (instead of /etc/multitail.conf) --no-load-global-config do not read /etc/multitail.conf -o config_file_parameter do a setting which would normally be set in the configuration file *** monitoring *** -H x show heartbeat (to keep your sessions alive) --beep-interval x beep every x lines processed --bi x like '--beep-interval' but only for current (sub-)window --closeidle x close windows when more then 'x' seconds no new data was processed *** miscellaneous *** -V show version and exit -h this help You can have multiple regular expressions per file/command. Be warned: if you define multiple and one of them is specified with '-E' (=for every following file), _all_ of the current regular expressions are for all following files! For help at any time press F1.
ccze is only available in older CentOS7 and Debian 9 and 10
# apt based apt install ccze # rpm based yum install ccze # unfonrtunately author of ccze does not want to support it any further yum info ccze Installed Packages Name : ccze Arch : x86_64 Version : 0.2.1 Release : 11.el7 Size : 243 k Repo : installed From repo : epel Summary : A robust log colorizer URL : http://bonehunter.rulez.org/CCZE.html (404) -should-be-> https://github.com/madhouse/ccze License : GPLv2+ Description : CCZE is a roboust and modular log colorizer, with plugins for apm, : exim, fetchmail, httpd, postfix, procmail, squid, syslog, ulogd, : vsftpd, xferlog and more.
author’s blog: https://asylum.madhouse-project.org/blog/2015/05/07/grepping-logs-is-still-terrible/
links
also: if user wants to inspect log files lnav (colorful less) might be nice
journalctl
journalctl may be used to query the contents of the systemd(1) journal as written by systemd-journald.service(8).
If called without parameters, it will show the full contents of the journal, starting with the oldest entry collected.
If one or more match arguments are passed, the output is filtered accordingly.
-x, --catalog
# very detailed output (black and white)
# go to end of log hit "Shift+G"
# go to start of log type: "gg"
journalctl -lx _SYSTEMD_UNIT=docker.service
Augment log lines with explanation texts from the message catalog.
This will add explanatory help texts to log messages in the output
where this is available.
These short help texts will explain the context of an error or log event, possible solutions, as well as pointers to support forums, developer documentation, and any other relevant manuals.
Note that help texts are not available for all messages, but only for selected ones. For more information on the message catalog, please refer to the Message Catalog Developer Documentation[4].
systemctl
systemctl may be used to introspect and control the state of the “systemd” system and service manager. Please refer to systemd(1) for an introduction into the basic concepts and functionality this tool manages.
systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2018-08-22 19:04:26 CEST; 14h ago
Docs: http://docs.docker.com
Main PID: 3699 (dockerd-current)
Tasks: 80
Memory: 68.5M
CGroup: /system.slice/docker.service
possible alternatives:
yum info multitail
Available Packages
Name : multitail
Arch : x86_64
Version : 6.4.2
Release : 1.el7
Size : 161 k
Repo : epel/x86_64
Summary : View one or multiple files like tail but with multiple windows
URL : http://www.vanheusden.com/multitail/
License : GPLv2
Description : MultiTail lets you view one or multiple files like the original tail
: program. The difference is that it creates multiple windows on your
: console (with ncurses). It can also monitor wildcards: if another file
: matching the wildcard has a more recent modification date, it will
: automatically switch to that file. That way you can, for example,
: monitor a complete directory of files. Merging of 2 or even more
: logfiles is possible.
: It can also use colors while displaying the logfiles (through regular
: expressions), for faster recognition of what is important and what not.
: Multitail can also filter lines (again with regular expressions) and
: has interactive menus for editing given regular expressions and
: deleting and adding windows. One can also have windows with the output
: of shell scripts and other software. When viewing the output of
: external software, MultiTail can mimic the functionality of tools like
: 'watch' and such.
liked this article?
- only together we can create a truly free world
- plz support dwaves to keep it up & running!
- (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
- really really hate advertisement
- contribute: whenever a solution was found, blog about it for others to find!
- talk about, recommend & link to this blog and articles
- thanks to all who contribute!